GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,775 advisories
AVideo has PHP Code Injection via eval() in Gallery saveSort.json.php Exploitable Through CSRF Against Admin
High | CVE-2026-33479 was published for wwbn/avideo (Composer) | Mar 20, 2026

Intake has a Command Injection via shell() Expansion in Parameter Defaults
High | CVE-2026-33310 was published for intake (pip) | Mar 19, 2026

dynaconf Affected by Remote Code Execution (RCE) via Insecure Template Evaluation in @jinja Resolver
High | CVE-2026-33154 was published for dynaconf (pip) | Mar 18, 2026

This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 9.6.0,...
High | Unreviewed | CVE-2026-21570 was published | Mar 17, 2026

The `flow/admin/moniteur.php` script in Use It Flow administration website before 10.0.0 is...
High | Unreviewed | CVE-2025-50881 was published | Mar 16, 2026

A Code Injection vulnerability affecting in SOLIDWORKS Desktop from Release 2025 through Release...
High | Unreviewed | CVE-2026-3476 was published | Mar 16, 2026

"Functions" module in Raytha CMS allows privileged users to write custom code to add...
High | Unreviewed | CVE-2025-15540 was published | Mar 16, 2026

MLflow has a command injection in mlflow/sagemaker/__init__.py
High | CVE-2025-14287 was published for mlflow (pip) | Mar 16, 2026

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote...
High | Unreviewed | CVE-2026-3910 was published | Mar 13, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in ILLID Advanced Woo...
High | Unreviewed | CVE-2026-32414 was published | Mar 13, 2026

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and...
High | Unreviewed | CVE-2026-25817 was published | Mar 13, 2026

SimpleEval: Objects (including modules) can leak dangerous modules through to direct access inside the sandbox
High | CVE-2026-32640 was published for simpleeval (pip) | Mar 13, 2026

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS...
High | Unreviewed | CVE-2025-67034 was published | Mar 11, 2026

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log...
High | Unreviewed | CVE-2025-67036 was published | Mar 11, 2026

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS...
High | Unreviewed | CVE-2025-67037 was published | Mar 11, 2026

CraftCMS has an RCE vulnerability via relational conditionals in the control panel
High | CVE-2026-31857 was published for craftcms/cms (Composer) | Mar 11, 2026

Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker...
High | Unreviewed | CVE-2026-20892 was published | Mar 11, 2026

@siteboon/claude-code-ui is Vulnerable to Shell Command Injection in Git Routes
High | CVE-2026-31861 was published for @siteboon/claude-code-ui (npm) | Mar 10, 2026

CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exist that could...
High | Unreviewed | CVE-2026-2273 was published | Mar 10, 2026

AzuraCast: RCE via Liquidsoap string interpolation injection in station metadata and playlist URLs
High | GHSA-93fx-5qgc-wr38 was published for azuracast/azuracast (Composer) | Mar 9, 2026

The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up...
High | Unreviewed | CVE-2026-3352 was published | Mar 7, 2026

An issue in Aranda Service Desk Web Edition (ASDK API 8.6) allows authenticated attackers to...
High | Unreviewed | CVE-2025-70995 was published | Mar 5, 2026

Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetEngine...
High | Unreviewed | CVE-2026-28134 was published | Mar 5, 2026

changedetection.io vulnerable to XPath - Arbitrary File Read via unparsed-text()
High | CVE-2026-29039 was published for changedetection.io (pip) | Mar 4, 2026

Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to...
High | Unreviewed | CVE-2025-70341 was published | Mar 4, 2026
ProTip! Advisories are also available from the GraphQL API